]> git.kaiwu.me - quickjs.git/commitdiff
fixed detached TypedArray handling in Atomics operations
authorFabrice Bellard <fabrice@bellard.org>
Mon, 21 Apr 2025 14:14:00 +0000 (16:14 +0200)
committerFabrice Bellard <fabrice@bellard.org>
Mon, 21 Apr 2025 14:14:00 +0000 (16:14 +0200)
quickjs.c

index 85dc0d084230dce3ba2b82c028ee1763b751a176..dffc3d6a02b1dbb4793750a45f00e5ce59170bb4 100644 (file)
--- a/quickjs.c
+++ b/quickjs.c
@@ -53807,6 +53807,11 @@ static void *js_atomics_get_ptr(JSContext *ctx,
     if (JS_ToIndex(ctx, &idx, idx_val)) {
         return NULL;
     }
+    /* RevalidateAtomicAccess(): must test again detached after JS_ToIndex() */
+    if (abuf->detached) {
+        JS_ThrowTypeErrorDetachedArrayBuffer(ctx);
+        return NULL;
+    }
     /* if the array buffer is detached, p->u.array.count = 0 */
     if (idx >= p->u.array.count) {
         JS_ThrowRangeError(ctx, "out-of-bound access");